Admin in English with Switch WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Admin in English with Switch plugin for WordPress, affecting all versions through 1.1. The flaw is missing or incorrect nonce validation on the 'enable_eng' function: the handler accepts any request that arrives with a logged-in administrator's session cookies, so an unauthenticated attacker can change the administrator's language preference by tricking the administrator into clicking a link or visiting a page that submits the forged request.

Impact

Successful exploitation lets an attacker change an administrator's admin-area language setting via Cross-Site Request Forgery, without the administrator's knowledge or consent. The affected action only toggles that language preference, so the direct impact is limited to that setting.

Reproduction

To reproduce this vulnerability, an attacker targets the 'enable_eng' function with a forged request that carries the 'data' parameter. Because the function does not verify a nonce, it acts on the parameter for any request that arrives with a logged-in administrator's cookies. The attacker hosts a link or page that submits such a request and induces an administrator to open it while logged in; depending on the value of 'data', the admin language is switched to English or the switch is disabled, with no further interaction from the administrator.
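As an added illustration of the pattern described above, not the plugin's own code: a WordPress admin-ajax handler that trusts the 'data' parameter with no nonce or capability check, beside a hardened version that verifies both. The 'enable_eng' function name and 'data' parameter come from the advisory; the 'wp_ajax_enable_eng' action, the 'admin_in_english' option key, the nonce action string and the script handle are assumptions made for the example.

```php
<?php
// Added example, not code from the Admin in English with Switch plugin.
// Assumed names: the 'wp_ajax_enable_eng' hook, the 'admin_in_english'
// option, the 'admin_in_english_toggle' nonce action and the script handle.

// --- Vulnerable pattern: no nonce, no capability check -----------------
// WordPress sends the logged-in admin's cookies with any request to
// admin-ajax.php, so a link or auto-submitting form on an attacker-
// controlled page is enough to reach this handler as the administrator.
function enable_eng_vulnerable() {
    $data = isset( $_POST['data'] ) ? sanitize_text_field( wp_unslash( $_POST['data'] ) ) : '';
    update_option( 'admin_in_english', '1' === $data ? '1' : '0' );
    wp_send_json_success();
}

// --- Hardened pattern ----------------------------------------------------
function enable_eng_hardened() {
    // 1. Nonce: proves the request originated from a page this site rendered
    //    for this user. A cross-site page cannot read the nonce, so a forged
    //    request fails here (check_ajax_referer() replies -1 with HTTP 403).
    check_ajax_referer( 'admin_in_english_toggle', 'nonce' );

    // 2. Capability: a valid nonce alone is not authorization.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Allow-list the value instead of storing whatever was sent.
    $data = isset( $_POST['data'] ) ? sanitize_text_field( wp_unslash( $_POST['data'] ) ) : '';
    if ( ! in_array( $data, array( '0', '1' ), true ) ) {
        wp_send_json_error( 'bad value', 400 );
    }

    update_option( 'admin_in_english', $data );
    wp_send_json_success();
}
add_action( 'wp_ajax_enable_eng', 'enable_eng_hardened' );

// Hand the nonce to the settings page's script so the legitimate toggle
// request can include it as the 'nonce' POST field checked above.
function enable_eng_enqueue_toggle_script() {
    wp_enqueue_script(
        'admin-in-english-toggle',
        plugins_url( 'toggle.js', __FILE__ ),
        array( 'jquery' ),
        '1.0',
        true
    );
    wp_localize_script(
        'admin-in-english-toggle',
        'adminInEnglish',
        array(
            'ajaxUrl' => admin_url( 'admin-ajax.php' ),
            'nonce'   => wp_create_nonce( 'admin_in_english_toggle' ),
        )
    );
}
add_action( 'admin_enqueue_scripts', 'enable_eng_enqueue_toggle_script' );
```

To confirm a fix of this shape, replay the toggle request as the logged-in administrator with the 'nonce' field removed or stale: the hardened handler must reject it before reaching update_option(), whereas the vulnerable handler changes the option regardless of where the request came from.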

Remediation

No known patch is available. Deactivate and uninstall the affected plugin and replace it with a maintained alternative.

Added: Sep 11, 2025, 8:55 AM
Updated: Sep 11, 2025, 8:55 AM

Vulnerability Rating

Custom Algorithm
spread: 9.4
impact: 0.6
exploitability: 7.6
remediation: 0.0
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.